It is widely known to control access to a resource. For example, access to a physical resource, such as, e.g., a storage cabinet, may be subject to a user having a physical key which fits a lock of the storage cabinet. Hence, the access is controlled in that it is subject to a security measure in the form of a physical key being required to unlock the lock.
Alternatively or additionally to using physical keys, such access may also be controlled electronically, i.e., using an electronic system. Such a system may require a user to identify him/herself, e.g., by entering a user identification on a keypad of the system or by swiping a magnetic badge through a badge reader. Having identified the user, the system may then grant the user access to the resource based on the user passing one or more security measures. For example, the user may be required to enter a password via the keypad. The identification and passing of the one or more security measures may also be combined. For example, the system may obtain a biometric identification of the user, with the providing of the biometric identification also serving as passing a security measure.
US 2005/0097320 A1 describes a flexible transaction processing system. It is said that the flexible transaction processing system may assess a risk level, and based on the risk level, set or alter a level of authentication for the transaction. Several examples are provided of how the risk level may be assessed, including evaluating the transaction, assessing a size of the transaction and assessing the risk level of the user.
It is known to dynamically adjust a level of security needed for accessing an electronic health record of a patient based on a context of the access.
A publication from Pravin Shetty and Seng Loke, titled “Modelling Context-Aware Security for Electronic Health Records Using Contextual Graphs”, 2007, Australia, describes an approach to modeling security for electronic health records by using contextual graphs. It is said that contextual information may be used in implementing security policies, thereby enabling to take different security actions based on the contextual information. The publication describes such contextual information being, e.g., a role of the user within a medical institution and whether access to the electronic health record is local or remote.